Dynamic next-hop selection for routes in a network fabric

ABSTRACT

A first network device advertises routes of locally connected routes/subnetworks based on the connectivity of the host with respect to peer network devices. The first network device establishes a virtual port channel associated with a virtual network address. The virtual port channel includes the first network device associated with a first network address and a second network device associated with a second network address. The first network device detects that a host is connected to the first network device and determines a next hop address to associate with the host. The next hop address is determined based on whether the host is also connected to the second network device of the virtual port channel. The first network device generates a route advertisement associating the next hop address with the host.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/827,183, filed Nov. 30, 2017, entitled “Dynamic Next-Hop Selectionfor Routes in a Network Fabric,” the entire contents of which are herebyincorporated by reference.

TECHNICAL FIELD

The present disclosure relates to route advertisement in computernetworking.

BACKGROUND

Network elements in a computer network may advertise routes tohosts/subnets that are attached to particular network elements via acontrol plane, such as a Border Gateway Protocol (BGP) Ethernet VirtualPrivate Network (EVPN) control plane. The route advertisements willassociate the host/subnet with a “next hop” address associated with theparticular network element to which the host/subnet is attached.

Network elements in a computer network, such as a Virtual ExtensibleLocal Area Network (VXLAN) EVPN fabric, may be grouped to provideredundancy and increase bandwidth for connected devices, such asservers. For instance, Virtual Port Channel (VPC) groups are one exampleof a Multi-Chassis Link Aggregation Group (MC-LAG) that group multiplenetwork elements. VPC peer network elements typically advertise routesto hosts and/or subnets that are attached to the VPC peer networkelements in a control plane (e.g., Border Gateway Protocol (BGP) EVPNcontrol plane) with a virtual network address associated with the VPC.In some instances, the virtual network address is a Virtual TunnelEndpoint (VTEP) Internet Protocol (IP) address that is configured as asecondary address on a Network Virtualization Endpoint (NVE) interfaceof the peer VPC network elements. However, each of the peer VPC networkelements is also associated with its own network address (e.g., IPaddress) on the NVE interface.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified block diagram of a system for advertising routesin a network domain that includes peer VPC network elements, accordingto an example embodiment.

FIG. 2A illustrates advertising a dual homed host using the virtualnetwork address of the VPC, according to an example embodiment.

FIG. 2B illustrates advertising a dual connected subnet using thevirtual network address of the VPC, according to an example embodiment.

FIG. 3A illustrates advertising an orphan host using the individualnetwork address of the peer VPC network element to which the orphan hostis attached, according to an example embodiment.

FIG. 3B illustrates advertising singly connected subnet using theindividual network address of the peer VPC network element to which thesubnet is attached, according to an example embodiment.

FIG. 4 is a simplified block diagram of a peer VPC network deviceconfigured to advertise routes for attached hosts or subnets, accordingto an example embodiment.

FIG. 5 is a flowchart depicting operations of a peer VPC network elementadvertising a route to an attached host, according to an exampleembodiment.

DESCRIPTION OF EXAMPLE EMBODIMENTS Overview

A method is provided for a first network device to advertise routes oflocally connected routes/subnetworks. The method comprises establishinga virtual port channel associated with a virtual network address. Thevirtual port channel comprises a plurality of network devices includingthe first network device associated with a first network address and asecond network device associated with a second network address. Themethod further comprises detecting that a host is connected to the firstnetwork device and determining a next hop address to associate with thehost. The next hop address is determined based on whether the host isalso connected to the second network device of the virtual port channel.The method also comprises generating a route advertisement associatingthe next hop address with the host.

DETAILED DESCRIPTION

Using the virtual network address of a VPC provides several advantages.All of the other network elements (and hosts attached to the othernetwork elements) only store a single network address for the peered VPCnetwork elements (and hosts attached to the VPC). In this way, thenumber of network addresses stored at each network element scales withthe number of VPCs rather than with the number of individual networkelements. Specific to a VXLAN EVPN implementation, which is a MediaAccess Control (MAC) in IP/User Datagram Protocol (UDP) overlay, the MACtable on the remote network elements can use the virtual network addressof the VPC as the destination IP address for the VXLAN header whenevertraffic is directed to an orphan or dual-homed host behind a particularVPC. Additionally, in the case of a single VPC peer failure, the remotenetwork elements do not need to update the network address from thevirtual network address of the VPC. The underlay will detect the VPCpeer failure and instead of an Equal Cost Multi-Path (ECMP) route, thevirtual network address will be carried on a single path that isadvertised by the VPC peer that remains functional.

However, one issue with using the virtual network address of the VPCarises when some of the traffic (e.g., 50% on average) destined toorphan hosts is directed to the wrong VPC peer based on the underlayECMP hash, and travels across the VPC peer link to reach the finaldestination. This situation may occur for both layer 3 (i.e., routed)and layer 2 (i.e., bridged) traffic.

In one example, an EVPN multi-homing approach with Ethernet SegmentIdentifier (ESI) uses the individual network addresses of the VPC peernetwork elements to advertise the reachability of host (e.g., MAC andoptionally IP address) and subnet prefix routes. While this ensures thatorphan host reachability will only be advertised from its directlyattached network element, for multi-homed hosts, the remote networkelements will see an N-way ECMP route on the overlay, which requiressupport of MAC multipath routing. Some network elements may not supportMAC multipath routing, and the convergence duration in case of a nodefailure may be quite long for network elements that do support MACmultipath routing, especially for multi-homed host routes.

The techniques presented herein provide a hybrid approach in which thevirtual network address is advertised for dual homed hosts (and dualattached subnets) and the individual network address of the networkelement is advertised for orphan hosts (and orphan subnets). This hybridapproach optimizes Forwarding Information Base (FIB) space, trafficforwarding, latency, and convergence.

Referring now to FIG. 1, a network system is shown that is configured toadvertise routes across a network domain 110. In one example, thenetwork domain 110 may be an EVPN domain. The network domain 110includes a plurality of network elements 120, 122, 124, and 126. Thenetwork elements 120, 122, 124, and 126 may include routers, switches,or other physical or virtual network devices that route trafficthroughout the network domain 110. The network domain 110 may configurethe network elements 120, 122, 124, and 126 in a number of topologies(e.g., spine/leaf, ring, star, mesh, etc.). A route advertisement logic130 in the network element 120 is configured to advertise routes (e.g.,via Border Gateway Protocol (BGP) or Interior Gateway Protocol (IGP))for hosts and subnetworks that are attached to the network domain 110via the network element 120. Though not explicitly depicted in FIG. 1,the other network elements 122, 124, and 126 may also include similarroute advertisement logic.

Network elements 120 and 122 are paired in a Virtual Port Channel (VPC)140 as peer devices. A peer link 145 connects the two VPC peer devices120 and 122 and enables network traffic to quickly flow between the twoVPC peers. The VPC 140 is assigned a virtual network address that theunderlay of the network domain 110 can route to either VPC peer 120 orVPC 122. Additionally, in configuring the VPC 140, each of the VPC peers120 and 122 is informed of any hosts or subnetworks that connect to thenetwork domain 110 via either of the VPC peers 120 and 122.

In order to optimize the usage of resources and forwarding in a networkdomain (e.g., a VXLAN BGP EVPN fabric with VPC), the network elementsadvertise host routes and subnetwork route prefix reachability with aspecific next hop address. For dual homed prefixes (e.g., hosts orsubnetworks) the routes are advertised with the virtual network addressassociated with the VPC. For single homed/orphan prefixes (i.e., hostsor subnetworks) the routes are advertised with the individual networkaddress of the network element to which the host/subnetwork is attached.In one example, the host routes referred to herein include MAC, IPv4and/or IPv6 addresses.

The techniques described herein optimize forwarding, latency, andconvergence by only advertising the most appropriate host routes. Byonly advertising the optimal routes with an intelligently selected nexthop address, the remote network elements are not forced to use hardwareFIB resources on saving suboptimal routes. These optimizations provide adistinct improvement in scalable data center network solutions.

Referring now to FIG. 2A, a simplified block diagram illustrates how theroute advertisement logic 130 optimizes the route advertisement for adual homed host 210 that is attached to both VPC peers 120 and 122 ofthe VPC 140. When the dual homed host 210, which has a MAC address of1.1.1 and an IP address of 10.1.1.1, connects to the network domain 110via both of the VPC peers 120 and 122, the route advertisement logic 130sends a route advertisement message 220 (e.g., a BGP update message)throughout the network domain 110, such as to network element 126. Theroute advertisement message 220 includes the MAC address of the host 210(e.g., 1.1.1), the IP address/range of the host 210 (e.g., 10.1.1.1/32),and a next hop address that indicates the IP address to which messagesto the host 210 should be addressed from within the network domain 110.Since the dual homed host 210 is attached to both of the VPC peers 120and 122, the route advertisement logic 130 includes the IP address ofthe VPC (e.g., 5.5.5.5), which the underlay of the network domain 110may route to either network element 120 or network element 122. In otherwords, any messages sent over the network domain 110 to the host 210will be addressed to the virtual network address (e.g., 5.5.5.5) of theVPC 140 rather than network address of either of the network elements120 (e.g., 1.1.1.1) or 122 (e.g., 2.2.2.2).

Referring now to FIG. 2B, a simplified block diagram illustrates how theroute advertisement logic 130 optimizes the route advertisement for adual connected subnetwork 230 that is connected to both VPC peers 120and 122 of the VPC 140. Similar to the example described with respect toFIG. 2A, when the dual connected subnetwork 230, which includes a rangeof IP addresses (e.g., 30.1.1.0/24), connects to the network domain 110via both of the VPC peers 120 and 122, the route advertisement logic 130sends a route advertisement logic message 240 (e.g., a BGP updatemessage) throughout the network domain 110, such as to network element126. The route advertisement message 240 does not include a MAC address,since the subnetwork 230 may include multiple devices with multiple MACaddresses. However, the advertisement message 240 includes the IPaddress/range of the subnetwork 230 (e.g., 30.1.1.0/24), and a next hopaddress that indicates the IP address to which messages to hosts on thesubnetwork 230 should be addressed from within the network domain 110.Since the dual connected subnetwork 230 is attached to both of the VPCpeers 120 and 122, the route advertisement logic 130 includes the IPaddress of the VPC (e.g., 5.5.5.5), which the underlay of the networkdomain 110 may route to either network element 120 or network element122. In other words, any messages sent over the network domain 110 tohosts on the subnetwork 230 will be addressed to the virtual networkaddress (e.g., 5.5.5.5) of the VPC 140 rather than network address ofeither of the network elements 120 (e.g., 1.1.1.1) or 122 (e.g.,2.2.2.2).

For ease of illustration, the examples depicted in FIG. 2A and FIG. 2Bshow route advertisements for a dual homed host 210 and a dual connectedsubnetwork 230, respectively. However, a similar route advertisement maybe implemented for a host/subnetwork that is connected to more than twonetwork elements, e.g. a multi-homed host or N-way connected subnetwork.In these instances, the virtual network address associated with theaggregated N-way peered network elements (i.e., analogous to the two-wayVPC 140 and its associated virtual network address) is advertised forthe N-way host/subnetwork if all of the N-way peered network elementsare all actively connected to the multi-homed host or N-way connectedsubnetwork. If any of the peered network elements are not connected tothe host/subnetwork, then one or more route advertisements arepropagated with the network address of the individual network element(s)that is/are connected to the host/subnetwork, as described hereinafterwith respect to FIG. 3A and FIG. 3B.

Referring now to FIG. 3A, a simplified block diagram illustrates how theroute advertisement logic 130 optimizes the route advertisement for anorphan host 310 that is attached to only one VPC peer 120 of the VPC140. When the orphan host 310, which has a MAC address of 2.2.2 and anIP address of 10.1.1.2, connects to the network domain 110 via the VPCpeer 120, but not the VPC peer 122, the route advertisement logic 130sends a route advertisement message 320 (e.g., a BGP update message)throughout the network domain 110, such as to network element 126. Theroute advertisement message 320 includes the MAC address of the orphanhost 210 (e.g., 2.2.2), the IP address/range of the host 310 (e.g.,10.1.1.2/32), and a next hop address that indicates the IP address towhich messages to the host 210 should be addressed from within thenetwork domain 110. Since the orphan host 210 is only attached to one ofthe VPC peers (e.g., network element 120), the route advertisement logic130 includes the IP address of the VPC peer 120 to which the orphan hostis attached (e.g., 1.1.1.1). In other words, any messages sent over thenetwork domain 110 to the orphan host 310 will be addressed to theindividual network address (e.g., 1.1.1.1) of the network element 120 towhich it is attached, rather than the virtual network address of VPC 140(e.g., 5.5.5.5).

Referring now to FIG. 3B, a simplified block diagram illustrates how theroute advertisement logic 130 optimizes the route advertisement for asingle connected subnetwork 330 that is connected to only one VPC peer122 of the VPC 140. Similar to the example described with respect toFIG. 3A, when the single connected subnetwork 330, which includes arange of IP address (e.g., 30.1.1.0/24), connects to the network domain110 via the VPC peer 122, but not the VPC peer 120, the routeadvertisement logic 130 sends a route advertisement logic message 340(e.g., a BGP update message) throughout the network domain 110, such asto network element 126. The route advertisement message 340 does notinclude a MAC address, since the subnetwork 330 may include multipledevices with multiple MAC addresses. However, the advertisement message340 includes the IP address/range of the subnetwork 230 (e.g.,30.1.1.0/24), and a next hop address that indicates the IP address towhich messages to hosts on the subnetwork 230 should be addressed fromwithin the network domain 110. Since the single connected subnetwork 330is only connected to the VPC peer 122, the route advertisement logic 130includes the IP address of the VPC peer 122 (e.g., 2.2.2.2). In otherwords, any messages sent over the network domain 110 to hosts on thesubnetwork 330 will be addressed to the individual network address(e.g., 2.2.2.2) of the network element 122, rather than the virtualnetwork address of VPC 140 (e.g., 5.5.5.5).

Referring back to FIG. 2A and to FIG. 3A, the VPC peer network element120 dynamically selects the next hop address for host routes accordingto varying conditions. In general, a host is dual/multi homed if thehost is learned via a VPC peer link or as part of an ESI. If the host isdual/multi homed, then the BGP EVPN control plane will dynamicallyselect the virtual IP address of the VPC as the next hop address of thehost route. Alternatively, a host is single homed/orphaned if the hostis learned via an individual port. If the host is single homed/orphaned,then the BGP EVPN control plane will dynamically select the IP addressof the port/network element that found the host.

In addition to dynamically selecting the next hop address with a hostthat is first learned, the host route may be updated for other eventsthat affect the reachability of the host. For instance, a VPC domainfailure or recovery will affect whether the virtual IP address of theVPC is available as a next hop address. The failure (or recovery) of theVPC may be attributed to the failure/recovery of the VPC peer networkelements and/or the VPC peer link. Additionally, while AddressResolution Protocol (ARP)/Neighbor Discovery (ND) entries may besynchronized between the VPC peers, the decision on whether or notreachability of a given host is advertised over the network domain maybe based on whether the host is reachable via a locally attached leg(e.g., VPC or orphan). Further, the EVPN control plane may monitor for ahost changing from being single homed/orphaned to dual/multi homed, orchanging from being dual/multi homed to single homed/orphaned. In otherwords, when the host moves from being attached to a single networkelement to two (or more) network elements in a VPC, the control planemay change the route advertisement from the individual network addressof the single network element to the virtual network address of the VPC.Similarly, when the host moves from being dual/multi homed to singlehomed/orphaned, the control plane may change the route advertisementfrom the virtual network address of the VPC to the individual networkaddress of the single network element.

Referring back to FIG. 2B and to FIG. 3B, the VPC peer network element120 dynamically selects the next hop address for network prefix routesaccording to varying conditions. A subnetwork is single homed (ororphaned) if it exists local to only one VPC peer network element. Inthis case, the BGP EVPN control plane selects the individual networkaddress of the local network element as the next hop address. The nexthop address selection process may be introduced through a route map thatis applied when redistributing network prefix routes (e.g., EVPN Type 5routes) into the BGP EVPN control plane. This may include externalsubnetworks as well as subnetworks associated with networks that arelocally instantiated on the VPC peers. The route map may include a new“set” action to influence the selection of the next hop address. The“set” action may modify the next hop address in the BGP update messageswhen advertising reachability to other BGP peers. With the flexibilityof the route map, this approach may be extended to other “match” objectsto provide maximum flexibility in customizing the next hop address. Thisapproach is not limited to the use cases described herein, and may beextended to other use cases.

Referring now to FIG. 4, a simplified block diagram illustrates anetwork device (e.g., VPC peer network element 120) that is configuredto participate in the techniques presented herein. The networking deviceincludes a network interface unit in the form of a plurality of networkports 410-415, a processor Application Specific Integrated Circuit(ASIC) 420 that performs network processing functions, one or moreprocessors 430 (e.g., microprocessors or microcontrollers), and memory440. The network device 120 may include multiple network processor ASICsto perform various network processing functions. The memory 440 storesthe route advertisement logic 130, which may include instructions foradvertising host/subnetwork routes, such as via BGP update messages. Itis to be understood that, in certain examples, the network device 120may be a virtual (software-based) appliance. The processor 430 performshigher level control functions of the network device 120, in concertwith functions of the network processor ASIC 420.

The memory 440 may include read only memory (ROM), random access memory(RAM), magnetic disk storage media devices, optical storage mediadevices, flash memory devices, electrical, optical, or otherphysical/tangible memory storage devices. Thus, in general, the memory440 may comprise one or more tangible (non-transitory) computer readablestorage media (e.g., a memory device) encoded with software comprisingcomputer executable instructions and when the software is executed (bythe one or more processors 430) it is operable to perform the operationsdescribed herein. For example, the memory 440 stores instructions forthe route advertisement logic 130 described above. When the processor430 executes the instructions for the route advertisement logic 130, theprocessor 430 is caused to control the network device 120 to perform theoperations described herein. As an alternative, the functions of theroute advertisement logic 130 may be performed by the network processorASIC 420.

Referring now to FIG. 5, a flowchart illustrates a process 500 performedby a first network device (e.g., VPC peer network element 120) inselecting and advertising a host route for a host connected to thenetwork device. In step 510, a VPC is established between a plurality ofnetwork devices including a first network device and a second networkdevice. In one example, the first network device and the second networkdevice are VPC peer devices. In step 520, the first network devicedetects a host connected to the first network device. In one example,the host may be a physical computing device, a virtual machine on aphysical device, or a container workload running on a physical orvirtual machine.

In step 530, the first network device determines whether the host isconnected to the second network device of VPC. In one example, the firstnetwork device determines a next hop address for the host based onwhether the host is connected to one or both of the first network deviceand the second network device. If the host is connected to secondnetwork device, as well as the first network device, then the firstnetwork device selects the virtual network address of the VPC as thenext hop address of the host in step 540. Alternatively, if the host isonly connected to the first network device, but not the second networkdevice, then the first network device selects the network address of thefirst network device as the next hop address for the host in step 545.

In another example, the VPC may include more than the first networkdevice and the second network device. In this instance, the firstnetwork device only selects the virtual network address as the next hopaddress if all of the peer devices in the VPC are connected to the host.If at least one of the peer devices in the VPC are not connected to thehost, then the first network element will select the network address ofthe first device as the next hop address.

In step 550, the first network device generates a route advertisementassociating the next hop address selected in either step 540 or step 545with the host. In one example, the route advertisement may include a BGPupdate message.

The first network device may use a similar process to determine a nexthop address for a subnetwork connected to one or both of the VPC peernetwork elements. The format of the route advertisement may differ whenadvertising a subnetwork instead of a host, but the steps of determininga next hop address will be similar between the two formats. Forinstance, advertising a host with an EVPN Type 2 route and advertising asubnetwork with an EVPN Type 5 route will not differ in how the firstnetwork device determines the next hop address to include in each typeof route advertisement.

In summary, the techniques presented herein influence the selection of anext hop address for a network domain (e.g., an EVPN domain with BGP)that includes a VPC environment, to optimize forwarding, convergence,and hardware table usage in single/dual/multi homing scenarios. In oneinstance, the next hop address for a host route is dynamically selectedbased on the specific host connectivity options (e.g., single ordual/multi homed), which improves forwarding to orphan hostsspecifically in VPC scenarios. Additionally, the new route map “set”action provides an extensible way to influence the selection of variousselection objects (e.g., the next hop address). These approachesoptimize the route advertisement for orphan/single homed hosts whilekeeping the flexibility for handling new use case scenarios.

In particular, the techniques presented herein avoid two hop forwardingfor any traffic directed to orphan or singly connected hosts within aBGP EVPN fabric. Additionally, the dynamic selection of the next hopaddress optimizes the usage of FIB, MAC, and associated ECMP tables byusing the virtual network address for dual/multi homed prefixes, andusing individual network addresses of network elements for singlehomed/orphan prefixes.

In one form, a method is provided for a first network device in avirtual port channel. The method comprises establishing a virtual portchannel associated with a virtual network address. The virtual portchannel comprises a plurality of network devices including the firstnetwork device associated with a first network address and a secondnetwork device associated with a second network address. The methodfurther comprises detecting that a host is connected to the firstnetwork device and determining a next hop address to associate with thehost. The next hop address is determined based on whether the host isalso connected to the second network device of the virtual port channel.The method also comprises generating a route advertisement associatingthe next hop address with the host.

In another form, an apparatus is provided comprising a network interfaceunit and a processor. The network interface unit is configured tocommunicate over a computer network with computing devices. Theprocessor is configured to establish a virtual port channel associatedwith a virtual network address. The virtual port channel comprises aplurality of network devices including the apparatus as a first networkdevice associated with a first network address and a second networkdevice associated with a second network address. The processor is alsoconfigured to detect that a host is connected to the first networkdevice via the network interface unit and determine a next hop addressto associate with the host. The processor determines the next hopaddress based on whether the host is also connected to the secondnetwork device of the virtual port channel. The processor is furtherconfigured to generate a route advertisement associating the next hopaddress with the host.

In still another form, one or more non-transitory computer readablestorage media is encoded with software comprising computer executableinstructions and, when the software is executed by a processor on afirst network device, operable to cause the processor to establish avirtual port channel associated with a virtual network address. Thevirtual port channel comprises a plurality of network devices includingthe first network device associated with a first network address and asecond network device associated with a second network address. Theinstructions are also operable to cause the processor to detect that ahost is connected to the first network device and determine a next hopaddress to associate with the host. The instructions cause the processorto determine the next hop address based on whether the host is alsoconnected to the second network device of the virtual port channel. Theinstructions also cause the processor to generate a route advertisementassociating the next hop address with the host.

The above description is intended by way of example only. Although thepresent disclosure has been described in detail with reference toparticular arrangements and configurations, these example configurationsand arrangements may be changed significantly without departing from thescope of the present disclosure. In particular, while specificprotocols, such as EVPN, BGP, and VPC, have been used herein asexamples, other protocols may be used by a person of ordinary sill inthe art with a scope similar to the present disclosure. Additionally,while subnetworks have been described herein as connected to one or morenetwork elements, subnetworks that are locally originated may also beused by a person of ordinary skill in the art in a manner similar towhat is presented in the present disclosure.

What is claimed is:
 1. A method comprising: establishing, in an overlaynetwork domain, a virtual port channel associated with a virtual networkaddress, the virtual port channel comprising a plurality of networkdevices including a first network device associated with a first networkaddress and a second network device associated with a second networkaddress; detecting that at least one subnetwork network address from arange of addresses in a subnetwork is accessible from the first networkdevice; determining whether to associate the virtual network address orthe first network address as a next hop address for the at least onesubnetwork network address based on whether the at least one subnetworknetwork address is also accessible from the second network device of thevirtual port channel; and generating a route advertisement associatingthe next hop address with the at least one subnetwork network address.2. The method of claim 1, wherein determining the next hop addresscomprises setting the next hop address to be the virtual network addressif the subnetwork network address is accessible from both the firstnetwork device and the second network device.
 3. The method of claim 2,further comprising: detecting that the subnetwork network address is nolonger accessible from the second network device; and updating the nexthop address in the route advertisement to be the first network address.4. The method of claim 1, wherein determining the next hop addresscomprises setting the next hop address to be the first network addressif the subnetwork is not accessible from the second network device. 5.The method of claim 1, further comprising sending the routeadvertisement to at least one other network device that is not among theplurality of network devices in the virtual port channel.
 6. The methodof claim 1, wherein the plurality of network devices in the virtual portchannel includes more than two network devices, the method furthercomprising setting the next hop address to be the virtual networkaddress only if the subnetwork network address is accessible from all ofthe plurality of network devices in the virtual port channel.
 7. Themethod of claim 1, wherein the overlay network domain is a VirtualExtensible Local Area Network (VXLAN).
 8. An apparatus comprising: anetwork interface unit configured to communicate with other devices in anetwork overlay domain; and a processor configured to: establish, in thenetwork overlay domain, a virtual port channel associated with a virtualnetwork address, the virtual port channel comprising a plurality ofnetwork devices including the apparatus as a first network deviceassociated with a first network address and a second network deviceassociated with a second network address; detect that at least onesubnetwork network address from a range of addresses in a subnetwork isaccessible from the first network device via the network interface unit;determine whether to associate the virtual network address or the firstnetwork address as a next hop address for the at least one subnetworknetwork address based on whether the at least one subnetwork networkaddress is also accessible from the second network device of the virtualport channel; and generate a route advertisement associating the nexthop address with the at least one subnetwork network address.
 9. Theapparatus of claim 8, wherein the processor is configured to determinethe next hop address by setting the next hop address to be the virtualnetwork address if the subnetwork network address is accessible fromboth the first network device and the second network device.
 10. Theapparatus of claim 9, wherein the processor is further configured to:detect that the subnetwork network address is no longer accessible fromthe second network device; and update the next hop address in the routeadvertisement to be the first network address.
 11. The apparatus ofclaim 8, wherein the processor is configured to determine the next hopaddress by setting the next hop address to be the first network addressif the subnetwork network address is not accessible from the secondnetwork device.
 12. The apparatus of claim 8, wherein the processor isfurther configured to cause the network interface unit to send the routeadvertisement to at least one other network device that is not among theplurality of network devices in the virtual port channel.
 13. Theapparatus of claim 8, wherein the processor is configured to determinethe next hop address by setting the next hop address to be the virtualnetwork address only if the subnetwork network address is accessiblefrom all of the plurality of network devices in the virtual portchannel.
 14. The apparatus of claim 8, wherein the network interfaceunit is configured to communicate with other devices in a VirtualExtensible Local Area Network (VXLAN).
 15. One or more non-transitorycomputer readable storage media encoded with software comprisingcomputer executable instructions and, when the software is executed by aprocessor on a first network device, operable to cause the processor to:establish, in an overlay network domain, a virtual port channelassociated with a virtual network address, the virtual port channelcomprising a plurality of network devices including a first networkdevice associated with a first network address and a second networkdevice associated with a second network address; detect that at leastone subnetwork network address from a range of addresses in a subnetworkis accessible from the first network device; determine whether toassociate the virtual network address or the first network address as anext hop address for the at least one subnetwork network address basedon whether the at least one subnetwork network address is alsoaccessible from the second network device of the virtual port channel;and generate a route advertisement associating the next hop address withthe at least one subnetwork network address.
 16. The non-transitorycomputer readable storage media of claim 15, further comprisinginstructions operable to cause the processor to determine the next hopaddress by setting the next hop address to be the virtual networkaddress if the subnetwork network address is accessible from both thefirst network device and the second network device.
 17. Thenon-transitory computer readable storage media of claim 16, furthercomprising instructions operable to cause the processor to: detect thatthe subnetwork network address is no longer accessible from the secondnetwork device; and update the next hop address in the routeadvertisement to be the first network address.
 18. The non-transitorycomputer readable storage media of claim 15, further comprisinginstructions operable to cause the processor to determine the next hopaddress by setting the next hop address to be the first network addressif the subnetwork is not accessible from the second network device. 19.The non-transitory computer readable storage media of claim 15, furthercomprising instructions operable to cause the processor to send theroute advertisement to at least one other network device that is notamong the plurality of network devices in the virtual port channel. 20.The non-transitory computer readable storage media of claim 15, furthercomprising instructions operable to cause the processor to determine thenext hop address by setting the next hop address to be the virtualnetwork address only if the subnetwork network address is accessiblefrom all of the plurality of network devices in the virtual portchannel.